A panel of cyber insurance experts discussed potential risks surrounding IoT products and upcoming technologies

During an Insurance Times webinar, a panel of cyber insurance experts discussed potential risks surrounding IoT products and upcoming technologies, emphasising that insurers must be aware of these challenges in order to deliver ‘proactive’ risk management.

Speaking as part of the discussion on 3 March during an Insurance Times webinar in association with CGI, titled ’Cyber Security and the Pandemic: trends and their implications for insurers’, Mark Hawksworth, Sedgwick’s global technology specialist practice group leader, told the audience that these risks are on the horizon and that the insurance industry must think of products to protect these devices.

One of these new cyber threats is 5G. Despite offering benefits such as a faster download speed, Hawksworth said: “What makes me nervous is cyber criminals have demonstrated quite efficiently that they are very good with software and the problem I perceive with 5G-based networks is that we are moving from centralised hardware solutions to software-based digital routing.”

This is because for 5G, security solutions are not as simple as for its hardware counterparts - for example, it does not use standard firewalls.

Hawksworth continued: “You have got software networks managed by software. The problem is someone can get into those networks and gain access rather like hackers do with administration accounts on traditional networks.”

Security as an afterthought?

In terms of IoT, Hawksworth said that endpoints connected to networks are built for functionality, but security is often an afterthought.

He gave the example of a CCTV system that is compromised - once this happens, it will not receive updates.

“If criminals scan for those devices, they can very quickly build up a network of these devices and [they] can be used in software as a service (SaaS) attacks,” he added.

He cited a second example of a smart thermometer being used to breach a Las Vegas casino in 2018.

Richard Holmes, head of cyber security at CGI, added that directing consumers towards retailers that do offer suitable insurance with their devices would be a good thing.

Proactive risk management

Meanwhile, Lindsey Nelson, cyber development leader at CFC Underwriting, cited multi-factor authentication as key to avoiding potential attacks.

“For us, it is not just about detecting vulnerabilities for businesses, it’s not about changing our underwriting or declining a risk. It is about telling them they have a vulnerability and working with them to remediate it, giving them that proper guidance, working with them on individual response plans,” she added.

“Certainly, that proactive piece of risk management is going to be the future interaction of cyber insurance.”